How to Enroll NixOS Devices into Swif.ai MDM | Help Center

Swif.ai supports NixOS as part of its Linux MDM platform, enabling centralized device management, policy enforcement, and compliance monitoring.

1. Prerequisites

A supported NixOS installation.
Admin/root privileges on the device.

2. Enrollment Methods

You can integrate Swif.ai with NixOS using either:

Default NixOS Configuration
Flake-based Configuration

3. Default NixOS Configuration

Install by URL

Configure swifteam settings in /etc/nixos/configuration.nix

{ config, pkgs, lib, ... }:

let
  swifteamTarball = builtins.fetchTarball {
    url = "https://cdn.swifteam.com/st-agent-linux/{version}/nixos/swifteam.tar.gz";
    sha256 = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
  };
in
{
  imports = [
    (import "${swifteamTarball}")
  ];

  # Please fill in the required information in the configuration.
  services.swifteam = {
    enable = true;
    teamId = "{teamId}";
    name = "{name}";
    surname = "{surname}";
    email = "{email}";
  };
}

Rebuild NixOS
$ sudo nixos-rebuild switch
Reboot system
Check if swif-agent.service is running
$ sudo systemctl status swif-agent.service

Import local generated files in /etc/nixos/configurations.nix

{
  imports = [
    (import "${swifteamTarball}")
    ./swifteam
  ]
}

Rebuild NixOS again
$ sudo nixos-rebuild switch

Install by local path
1. Download swifteam.tar.gz
  $ curl -OL https://cdn.swifteam.com/st-agent-linux/<version>/nixos/swifteam.tar.gz
2. Create directory
  $ sudo mkdir /etc/nixos/swifteam
3. Extract swifteam.tar.gz
  $ sudo tar -xzvf swifteam.tar.gz -C /etc/nixos/swifteam
4. Configure swifteam settings in /etc/nixos/configurations.nix
```
{ config, pkgs, lib, ... }:

{
  imports = [
    ./swifteam
  ];

  # Please fill in the required information in the configuration.
  services.swifteam = {
    enable = true;
    teamId = "{teamId}";
    name = "{name}";
    surname = "{surname}";
    email = "{email}";
  };
}
```
5. Rebuild NixOS
  $ sudo nixos-rebuild switch
6. Reboot system
7. Check if swif-agent.service is running
  $ sudo systemctl status swif-agent.service

4. Flake-based Configuration

Install by URL

Configure swifteam settings in flake.nix

{
  inputs = {
    swifteamTarball = {
      url = "https://cdn.swifteam.com/st-agent-linux/{version}/nixos/swifteam.tar.gz";
      flake = false;
    };
  };
  
  outputs = { self, nixpkgs, swifteamTarball, ... }@inputs: {
    nixosConfigurations.swifteamHostname = nixpkgs.lib.nixosSystem {
      modules = [
        (import "${swifteamTarball}")
        ({ ... }: {
          services.swifteam = {
            enable = true;
            teamId = "{teamId}";
            name = "{name}";
            surname = "{surname}";
            email = "{email}";
            nixRootPath = "{nixRootPath}";
          };
        })
      ];
    };
  };
}

Rebuild flake environment
$ sudo nixos-rebuild switch --flake <nixRootPath>#<flakeHostname>
Reboot system
Check if swif-agent.service is running
$ sudo systemctl status swif-agent.service

Import local generated files in flake.nix

{
  outputs = { self, nixpkgs, swifteamTarball, ... }@inputs: {
    nixosConfigurations.swifteamHostname = nixpkgs.lib.nixosSystem {
      modules = [
        (import "${swifteamTarball}")
        ({ ... }: {
          services.swifteam = {
            enable = true;
            teamId = "{teamId}";
            name = "{name}";
            surname = "{surname}";
            email = "{email}";
            nixRootPath = "{nixRootPath}";
          };
        })
        ./swifteam
      ];
    };
  };
}

Rebuild flake environment again
$ sudo nixos-rebuild switch --flake <nixRootPath>#<flakeHostname>

Install by local path

Download swifteam.tar.gz
$ curl -OL https://cdn.swifteam.com/st-agent-linux/<version>/nixos/swifteam.tar.gz
Create directory
$ mkdir <nixRootPath>/swifteam
Extract swifteam.tar.gz
$ sudo tar -xzvf swifteam.tar.gz -C <nixRootPath>/swifteam

Configure swifteam settings in flake.nix

{
  outputs = { self, nixpkgs, swifteamTarball, ... }@inputs: {
    nixosConfigurations.swifteamHostname = nixpkgs.lib.nixosSystem {
      modules = [
        ./swifteam
        {
          services.swifteam = {
            enable = true;
            teamId = "{teamId}";
            name = "{name}";
            surname = "{surname}";
            email = "{email}";
            nixRootPath = "{nixRootPath}";
          };
        }
      ];
    };
  };
}

Rebuild flake system
$ sudo nixos-rebuild switch --flake <nixRootPath>#<flakeHostname>
Reboot system
Check if swif-agent.service is running
$ sudo systemctl status swif-agent.service

5. Verification

After rebuilding:

Run to verify the Swif agent installation.
```
$sudo systemctl status swif-agent.service
```
Check the device’s status in Swif Console → Device Inventory.

6. Post-Enrollment Steps

Apply Policies: Security, compliance, or configuration policies can now be applied from the Swif console.
Remote Management: Use Swif’s features to lock, restart, shut down, or even erase a device if needed.
Software & OS Patch Management: Automate package updates on your Linux endpoints from one central location.
Summary of the NixOS support features:
1. Script Installer —Flake-based Configuration: Install by URL or by local path
2. Desktop App
3. Disk Health
4. Device Specifications
5. Accounts
6. Commands
7. Applications
8. Certificate
9. Live terminal
10. Package manager
11. Password Policy
12. Screensaver Policy
13. Change Password
14. Reboot
15. Shutdown
16. Device Lock
17. Soft Wipe
18. Remove Swif Agent
Swif's Desktop app compatibility: Used for in-app notification and compliance display

	x86_64	arm_64
Ubuntu	√	√
Fedora	√	√
NixOS	√	X

Here is the notice that will be added to the help article, based on Jira issues ST-5966 and ST-5878, and referencing the work by Yoge Chou:

Notice: How the NixOS Rebuild Notification Works

When using Swif.ai MDM on NixOS devices, you may receive an in-app notification prompting you to run the nixos-rebuild command. This notification is designed to help you keep your device up to date with the latest configurations and security policies managed by your organization.

You will receive an email notification.
The in-app notification will appear in the desktop app, similar to update prompts you may have seen in other applications (e.g., Zoom).
You will be given a clear call-to-action (CTA) to run the rebuild command. There is also an option to “Skip for now” if you are not ready to proceed.
If you choose to skip, you can continue using your device as usual, but it is recommended to complete the rebuild at your earliest convenience to ensure compliance and security.
ARM support for NixOS is currently not available, but updates are being tracked.

This notice will be appended to the help article:

How to Enroll NixOS Devices into Swif.ai MDM | Help Center | Swif

If you need any changes or a different format, let me know! 1

Sources

How to Enroll NixOS Devices into Swif.ai MDM | Help Center | Swif

7. Troubleshooting

Check system logs for swifteam service errors:
```
journalctl -u swifteam
```
Re-run nixos-rebuild if configuration changes are made.

How to Enroll Linux Devices in Swif

Resolving "Operation Not Permitted Without Secure Token Unlock" Error on Mac Devices

Configuring SentinelOne Exclusions for Swif.ai to Prevent False Positives

Release Notes - MDM Services

Configuring CrowdStrike Falcon Exclusions for Swif.ai to Prevent False Positives